[wp-trac] [WordPress Trac] #63406: Lack of mutex for query object values like is_category and is_author can result in warnings
WordPress Trac
noreply at wordpress.org
Wed May 7 11:37:50 UTC 2025
#63406: Lack of mutex for query object values like is_category and is_author can
result in warnings
--------------------------+-----------------------------
 Reporter:  leedxw        |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Query         |    Version:  6.8
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
We're seeing warnings triggered by attempts to request pages that match
both {{{is_category()}}} and {{{is_author()}}}. These aren't legitimate
requests; we're assuming this is an attacker trying to trigger unexpected
behaviour.
I'm seeing this on sites with co-authors-plus installed, but it feels like
an issue in core.
To reproduce (assuming "admin" is an author of at least one post):
{{{
wp plugin install co-authors-plus
wp plugin activate co-authors-plus
wp co-authors-plus create-guest-authors
curl "http://localhost/author/admin/?a=1&cat=2" > /dev/null
}}}
Produces the following warnings:
{{{
PHP Warning: Undefined property: stdClass::$name in /var/www/html/wp-includes/general-template.php on line 1610
PHP Deprecated: strip_tags(): Passing null to parameter #1 ($string) of type string is deprecated in /var/www/html/wp-includes/class-wp-hook.php on line 324
PHP Warning: Undefined property: stdClass::$name in /var/www/html/wp-includes/general-template.php on line 3412
PHP Warning: Undefined property: stdClass::$term_id in /var/www/html/wp-includes/general-template.php on line 3415
}}}
This happens because {{{is_category()}}} returns true, but then attempts
to use an object that isn't a category.
If a call to {{{is_category()}}} uses an object that is not a category
object, then the result should be false.
This might be patched by adding a check in {{{is_category()}}}:
{{{
--- class-wp-query.php.dist 2025-05-07 11:11:36.000000000 +0000
+++ class-wp-query.php 2025-05-07 11:20:58.315628592 +0000
@@ -4269,5 +4269,10 @@
if ( empty( $category ) ) {
- return true;
+ if ( empty($this->taxonomy) || $this->taxonomy !=
'category' ) {
+ $this->is_category = false;
+ return false;
+ } else {
+ return true;
+ }
}
}}}
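Review bot: The new condition on the first added line reads `$this->taxonomy`, but nothing in this hunk shows that property being set on the query object, so if it is unset the `empty()` branch always runs and `is_category()` returns false for every call without a `$category` argument, including legitimate category archives. The warnings in the report come from the queried object lacking `name` and `term_id`, so testing the queried object itself (that it is a term whose taxonomy is `category`) would match the failure more directly. Assigning `$this->is_category = false` inside a conditional tag also changes query state as a side effect of a read; consider returning false without mutating, or correcting the flag where the query is parsed. Style: add spaces inside the parentheses of `empty( ... )`, use a strict `!==` comparison, and drop the `else` since the first branch already returns.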
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63406>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
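
A site-level stopgap for the mismatch described in the ticket, as an added example that is not part of the original report and is not WordPress core or Co-Authors Plus code. It assumes a hypothetical mu-plugin file, and that answering such requests with a 404 is acceptable on the affected site; it checks the queried object rather than changing `is_category()` itself.

```php
<?php
/**
 * Hypothetical mu-plugin (added example): reject requests where is_category()
 * is true but the queried object is not a term in the 'category' taxonomy,
 * e.g. /author/admin/?a=1&cat=2 from the reproduction steps.
 */
add_action(
	'template_redirect',
	function () {
		global $wp_query;

		if ( ! is_category() ) {
			return;
		}

		$object = get_queried_object();
		if ( $object instanceof WP_Term && 'category' === $object->taxonomy ) {
			return; // Genuine category archive, nothing to do.
		}

		// The request URI is attacker-controlled: strip control characters
		// so a crafted value cannot forge extra log lines.
		$uri = isset( $_SERVER['REQUEST_URI'] )
			? preg_replace( '/[\x00-\x1f\x7f]/', '', wp_unslash( $_SERVER['REQUEST_URI'] ) )
			: '';

		error_log(
			sprintf(
				'Conflicting query flags: is_category() with queried object of type %s for %s',
				is_object( $object ) ? get_class( $object ) : gettype( $object ),
				$uri
			)
		);

		// Serve a 404 before any template code reads category fields
		// ($name, $term_id) from an object that does not have them.
		$wp_query->set_404();
		status_header( 404 );
		nocache_headers();
	},
	0 // Run before other template_redirect callbacks.
);
```

The log line gives a single, greppable signal for these probing requests in place of the scattered PHP warnings shown above.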